Security, Privacy, and Compliance
Trust is a core value at Crossbeam.
Data privacy and security is embedded in every part of our business. Our Security Portal outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.
You can also access more comprehensive security and compliance details in the Security section of our documentation or contact email@example.com with specific questions or requests.
SOC 2 Type II
Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
This practice ensures that Crossbeam maintains a robust set of security controls, policies, and practices that are validated by regular external audits by AICPA’s SOC for Service Organizations Trust Services Criteria.
GDPR and CCPA
The European Union’s General Data Protection Regulation (GDPR) creates a standard framework to which all compliant businesses must adhere, creating clarity and transparency for customers. Similarly, the California Consumer Privacy Act (CCPA) is a California state statute intended to enhance privacy rights and consumer protection for residents of California.
To ensure compliance with both GDPR and CCPA for our customers, Crossbeam offers a comprehensive Data Processing Addendum (DPA). This DPA enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. It also sets forth our standards regarding the handling Personal Information governed by CCPA.
Crossbeam’s GDPR and CCPA Data Processing Addendum (DPA)
Crossbeam’s Subprocessors list
Data Transfers and Privacy Dispute Resolution
For clients transferring data out of the EU or EEA into Crossbeam, our DPA includes the European Commission’s standard contractual clauses (SCCs). The SCCs offer sufficient safeguards on data protection for the data to be transferred internationally.
Additionally, Crossbeam remains certified under the EU-US Privacy Shield Framework. More information on Privacy Shield is available here. U.S. businesses participating in the Privacy Shield Frameworks must provide an independent dispute resolution service to EU or Swiss individuals whose personal data they transfer to the United States. Crossbeam participates in the BBB EU Privacy Shield program, operated by the Council of Better Business Bureaus, for independent dispute resolution.
BBB Dispute Resolution Process Information
Penetration Test Report Available
An external security firm conducts quarterly penetration tests of Crossbeam’s systems. These tests include automated scans and manual testing by security experts seeking to uncover vulnerabilities. Copies of our most recent penetration tests are made available to Crossbeam customers upon request, subject to the appropriate non-disclosure agreements.